Setting up Microsoft Authenticator on new mobile phone for MFA

The Authenticator app on your mobile phone functions as a key to your account. When you link your SVI Microsoft account to the Authenticator app, this key is stored in the app on your phone. Uninstalling the app, getting a new phone, or a factory reset (wipe) of your phone will remove the key.

When this happens, you will not be able to use the Authenticator app on your mobile to verify your identity, because the key no longer exists. You will need to link your new app or phone to your account to generate a new key before you can verify your identity again.

This process has 4 steps:

  • Getting back into your account

  • Deleting your old phone/app as a sign-in method

  • Setting up your new phone/app

  • (Optional) Enabling passwordless phone sign-in


Step 1 - Logging back into your account

When you first set up the Authenticator app, you would have added your mobile phone number as a backup MFA method. You can use this to verify your identity so that you can log back in.

  1. In a web browser, go to aka.ms/mfasetup

  2. Enter your SVI email address

  3. Enter your password

  4. You will then be prompted to approve the sign-in request on your Authenticator app (which you don’t have any more)

  5. Click the blue text near the bottom: “I can’t use my Microsoft Authenticator app right now”

  6. You will then be able to choose one of your backup MFA methods

  7. Select the option to call your backup phone number

  8. Answer the call and follow the prompts to verify the sign-in


Step 2 - Deleting your old phone/app as a sign-in method

  1. When you have signed in, you should see the Security info page

  2. Click the Delete option next to the Microsoft Authenticator entry. You will be prompted to confirm; click OK.


Step 3 - Setting up your new phone/app

These instructions assume you are using a web browser on a desktop computer.

  1. Click the + Add sign-in method button

     

  2. In the popup window that appears, select Authenticator App and then click Add

  3. Download the Microsoft Authenticator app on your new phone (if you haven’t already). You can click the blue text Download now to display QR codes that link to the app for Android and iOS.

  4. On your computer:

    1. Click Next

    2. Click Next

    3. A QR code will be displayed

    4. Leave it open and continue with the instructions below

  5. On your phone:

    1. Open the Authenticator app and approve any license agreements and conditions (if they appear)

    2. Allow the Authenticator app to send notifications (Important step)

    3. Click the + icon at the top of the Authenticator app phone screen

    4. Select “Work or school account”

    5. Select “Scan a QR code”

    6. Allow the app to use the camera (if prompted)

    7. Scan the QR code with the Authenticator app

    8. This should show a brief loading page and then you should see an entry in the Authenticator app for St Vincent’s Institute with your email address below it

    9. If you get an error here that the QR code has already been used, on the screen with the QR code click the Back button and then Next again. This will generate a new QR code

  6. On your computer:

    1. Click Next

    2. This will show a 2-digit number on the screen. Enter this number on your phone when prompted and approve the sign-in

  7. Verify that your Default sign-in method is set to App based authentication - notification and change it if necessary

     


Step 4 - Enable passwordless phone sign-in (optional)

The standard login flow for Microsoft is: Enter email address → enter password → approve notification on phone.

This step will remove the middle requirement of entering your password. This is beneficial because typing your password fewer times means fewer chances for it to be intercepted, whether by complicated methods like keyloggers and attacker-in-the-middle techniques or by something as crude as someone watching over your shoulder.

  1. Open the Authenticator app on your phone

  2. Tap on the St Vincent’s Institute entry for your email address

  3. Select the Set up phone sign-in option

  4. Click Continue

  5. Enter your Microsoft password and click Sign In

  6. Approve the prompt to “register” the device

    1. This just assigns your device a unique ID and links this to your Microsoft account, so the sign-in requests can be sent to this specific device.

 

Now that your phone has been registered, you can use it to sign in instead of your password.

  1. Open a private or incognito window in a web browser

  2. Go to www.office.com and click Sign In

  3. Enter your SVI email address

  4. When prompted for your password, click the blue text Use an app instead

     

  5. This will show a 2-digit number and send an authentication request to your Authenticator app

  6. Authorise the sign-in

  7. Your account will now automatically use a passwordless login (where possible), and will immediately send an Authenticator request after entering your SVI email address at a login window


If you have any issues, please raise an IT ticket for further help.